Keeping our information private in the digital age remains one of the internet’s greatest challenges, and a newly uncovered breach gives us yet another disturbing reminder.
In early May, longtime data-breach hunter and security researcher Jeremiah Fowler uncovered a massive trove of 184,162,718 unique usernames and passwords, a staggering 47.42 GB of raw data, linked to well-known companies and online platforms, as Wired reports. The leaked credentials span accounts for Apple, Discord, Facebook, Google, Instagram, Microsoft, Roblox, Snapchat, Spotify, WordPress, Yahoo, and many others.
Even more concerning: the database included credentials for banking and financial accounts, healthcare platforms, and government portals, making the data not just a privacy issue, but a potential national security threat. According to Fowler in his blog post, at least 220 email addresses in the data end in .gov, tied to 29 countries, including the U.S., U.K., Canada, Australia, India, China, and Israel.
The database was labeled “senha”, Portuguese for "password", but otherwise, all text was in English. After discovery, it was promptly reported to the web host and taken offline. However, the key questions remain unanswered: Who collected the data? How was it obtained? When did the breach occur, why, and who else might have accessed it?
Although Fowler couldn’t determine how often the database was accessed, he says it’s “safe to say it was most likely accessed and extracted.” In other words: the sensitive data may already be in the hands of bad actors.
One leading theory is that this information may have been obtained via a type of malware called infostealer, a malware that is swiping millions of passwords, cookies, and search histories. It’s a gold mine for hackers, and a nightmare for anyone who becomes a target.
What should you do right now?
- Change your passwords for all major accounts, especially those tied to sensitive data.
- Use a password manager to create and store strong, unique passwords.
- Enable two-factor authentication (2FA) wherever it's available.
- Scan your devices for malware using reputable antivirus tools.
- Clean out your inbox; delete emails containing sensitive info like tax documents, financial statements, Social Security numbers, or passwords.
- Sign up for identity monitoring through your security provider or credit service.
- Add your emails and usernames to breach monitoring services to receive future alerts.
Fowler’s top advice? Stop treating your email like a cloud storage service. “Many people unknowingly treat their email accounts like free cloud storage and keep years’ worth of sensitive documents, like tax forms, medical records, cotracts, and passwords, without realizing how vulnerable they are,” he warns.
We get it… Remembering a different password for every account is a hassle. But in 2025, there’s no excuse for using your dog’s name anymore. Use a password manager, turn on two-factor authentication, and keep your inbox clean.
Your personal info isn’t just yours anymore, it’s a target.